AIDAIO Pvt. Limited

Which Login type to choose?

Created by: Prateek Bhardwaj

Modified on: Mon, 10 Dec, 2018 at 12:49 PM

Before we elaborate on the types of login available within the system, it is important to understand which type of login you should choose and which one we recommend under what circumstances.

There are scenarios in which you are using the app only for a pre-defined number of individuals. This situation usually arises when the platform is used by MNCs/brands that wish to get tasks done or pass information restricted to within the organization. In this scenario users are prevented from signing up, and a pre-determined value (as given by the brand/company) is used for logging in.

So let us first dive into this and run through the options available if you are using a pre-determined list of users or you have restricted sign-ups on the app itself.

Pre-determined list

While using a pre-determined list of users you can configure the login in three ways, viz.

1. Email - Email Id used within the organization

2. Phone - Phone number provided by the organization

3. EmpId (Employee/User Id) - The Employee Id/User-Id used within the organization

Based on which of the three is being used, you can configure the login with different values, which can be one of the following:

1. Password - An alphanumeric code which is set by the end user at their discretion. Password as a value is more secure than PIN and cannot be edited/changed after creation, even by the admin, despite the admin having access to the CMS. The only way to change the password is through the Email Id/phone number used at the time of signing up, because of the security protocols that are followed along with it (email verification/forgot-password email in this case, or an OTP generated and sent to the registered mobile number).

2. PIN - A four-digit number which can either be configured by you, or we can generate a random 4-digit number for each user. If you wish to bulk-upload the list of pre-determined users, you can also add a four-digit PIN for every user and the system will assign that PIN to the respective user. The caveat to enabling PIN as a login value is that we or the admin (anyone who has access to the CMS) can look at the PIN for a particular user and can reset/change it. Thus, if the end user is not able to log in to the app, the administrator can change the PIN from the back end. We recommend using PIN as a login only if you do not want the end user to go through a lot of trouble while signing up or logging in to the app, which might be the case when password is used as a value.

Password as a login value should be used where the app data/content is highly confidential and you want only the end user to be able to access it without any intervention from the admin. This adds more friction for the end user because of the set of rules that need to be followed while creating a password, but in turn it is more secure, and only the end user can set up the password.

We suggest using Password as the value for Email and Phone number login, as the audience is usually more tech-savvy and can configure it with minimum friction.

PIN is usually preferred where you want minimum friction while logging in, or where the target audience is not tech-savvy enough to work through the permutations and combinations of password creation.

We suggest using PIN as the value for the EmployeeId field login, as the audience is usually not that tech-savvy and can access the platform with the help of a 4-digit PIN (created by you or randomly generated by us for use).

Sign-ups Allowed

Having seen the case of a pre-determined list/restricted logins, there might be cases where you would allow users to sign up in the app.

While allowing sign-ups you can configure the login in two ways, viz.

1. Email - Email Id used within the organization or personal email Id

2. Phone - Phone number provided by the organization or personal phone number

While using email as a sign-up field and allowing sign-ups, you can restrict the user to entering an email Id on your brand domain. For example, you can restrict users to sign up only from addresses such as abc@xyz.com; thus, if the email Id used doesn't have @xyz.com, the user cannot sign up. You can also configure email verification to add an extra layer of checking to prevent any false sign-ups.
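The domain restriction above is only as strong as the comparison behind it. As an added example (not AIDAIO's implementation; the function names, the allowlist and the sample addresses are assumptions constructed here), this Python code compares a substring test with an exact match on the part after the single `@`:

```python
# Added example, not the vendor's code. ALLOWED_DOMAINS and every sample
# address below are constructed for illustration.
ALLOWED_DOMAINS = frozenset({"xyz.com"})  # the article's example brand domain


def naive_check(address: str) -> bool:
    """Substring test, the literal reading of "has @xyz.com". Too permissive."""
    return "@xyz.com" in address.lower()


def signup_domain(address: str):
    """Return the lower-cased domain of a sign-up address, or None if malformed."""
    address = address.strip()  # tolerate pasted leading/trailing spaces
    # Embedded whitespace or control characters never belong in an address.
    if any(ch.isspace() or not ch.isprintable() for ch in address):
        return None
    # Exactly one '@': inputs carrying a second '@' are refused outright.
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    if not local or not domain or not domain.isascii():
        return None
    return domain.lower()


def is_allowed_signup_email(address: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Accept only when the whole domain equals an allowlisted domain."""
    domain = signup_domain(address)
    return domain is not None and domain in allowed


# Constructed inputs: the first two are legitimate, the rest must be refused.
SAMPLES = [
    "abc@xyz.com",
    "ABC@XYZ.COM",
    "abc@xyz.com.example.net",   # brand domain used as a prefix label
    "abc@xyz.com@example.net",   # second '@' moves the real domain
    "abc@notxyz.com",            # would pass an endswith("xyz.com") test
    "abc@mail.xyz.com",          # subdomain: refused unless allowlisted itself
    "@xyz.com",                  # empty local part
]


def compare(samples=SAMPLES):
    """Return (address, naive_result, strict_result) for each sample."""
    return [(s, naive_check(s), is_allowed_signup_email(s)) for s in samples]


if __name__ == "__main__":
    for address, naive, strict in compare():
        print(f"{address!r:32} naive={naive!s:5} strict={strict}")
```

Email verification, as mentioned above, remains the check that proves the person signing up actually controls the mailbox; the domain comparison only decides which addresses are eligible.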

While using phone number as a sign-up field, an OTP is generated to prevent false sign-ups.

In the above two scenarios, if the user forgets the password, he/she can reset it using a reset-password link sent to his/her email Id or an OTP generated and sent to the registered phone number.